Issue #218: Exposing statuscode and substatuscode through toolkit.

Kouroche Sedaghatian · Kouroche Sedaghatian · commit 5f525ac353af · 2019-02-19T15:00:03.000-05:00
diff --git a/core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java b/core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java
@@ -85,6 +85,11 @@ public class SamlResponse {
 	 */ 
 	private String error;
 
+	/**
+	 * The respone status code and messages
+	 */
+	private SamlResponseStatus responseStatus;
+
 	/**
 	 * Constructor to have a Response object fully built and ready to validate the saml response.
 	 *
@@ -574,19 +579,27 @@ public HashMap<String, List<String>> getAttributes() throws XPathExpressionExcep
 		return attributes;
 	}
 
+	/**
+	 * Returns the latest response status
+	 * 
+	 * @return
+	 */
+	public SamlResponseStatus getResponseStatus() {
+		return this.responseStatus;
+	}
+
 	/**
 	 * Checks the Status
 	 *
-	 * @throws ValidationError
-	 *             If status is not success
+	 * @throws ValidationError If status is not success
 	 */
 	public void checkStatus() throws ValidationError {
-		SamlResponseStatus responseStatus = getStatus(samlResponseDocument);
-		if (!responseStatus.is(Constants.STATUS_SUCCESS)) {
+		this.responseStatus = getStatus(samlResponseDocument);
+		if (!this.responseStatus.is(Constants.STATUS_SUCCESS)) {
 			String statusExceptionMsg = "The status code of the Response was not Success, was "
-					+ responseStatus.getStatusCode();
-			if (responseStatus.getStatusMessage() != null) {
-				statusExceptionMsg += " -> " + responseStatus.getStatusMessage();
+					+ this.responseStatus.getStatusCode();
+			if (this.responseStatus.getStatusMessage() != null) {
+				statusExceptionMsg += " -> " + this.responseStatus.getStatusMessage();
 			}
 			throw new ValidationError(statusExceptionMsg, ValidationError.STATUS_CODE_IS_NOT_SUCCESS);
 		}
diff --git a/toolkit/src/main/java/com/onelogin/saml2/Auth.java b/toolkit/src/main/java/com/onelogin/saml2/Auth.java
@@ -29,6 +29,7 @@
 import com.onelogin.saml2.http.HttpRequest;
 import com.onelogin.saml2.logout.LogoutRequest;
 import com.onelogin.saml2.logout.LogoutResponse;
+import com.onelogin.saml2.model.SamlResponseStatus;
 import com.onelogin.saml2.servlet.ServletUtils;
 import com.onelogin.saml2.settings.Saml2Settings;
 import com.onelogin.saml2.settings.SettingsBuilder;
@@ -655,6 +656,13 @@ public void processResponse(String requestId) throws Exception {
 				LOGGER.error("processResponse error. invalid_response");
 				LOGGER.debug(" --> " + samlResponseParameter);
 				errorReason = samlResponse.getError();
+				SamlResponseStatus samlResponseStatus = samlResponse.getResponseStatus();
+				if (samlResponseStatus.getStatusCode() != null) {
+					errors.add(samlResponseStatus.getStatusCode());
+				}
+				if (samlResponseStatus.getSubStatusCode() != null) {
+					errors.add(samlResponseStatus.getSubStatusCode());
+				}
 			}
 		} else {
 			errors.add("invalid_binding");
